CVE-2021-47837
📋 TL;DR
Markdownify 1.2.0 contains a persistent cross-site scripting (XSS) vulnerability that allows attackers to upload malicious markdown files containing embedded scripts. When these files are opened, the scripts execute in the user's context, potentially leading to session hijacking, data theft, or remote code execution. Users of Markdownify 1.2.0 who open untrusted markdown files are affected.
💻 Affected Systems
- Markdownify
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution on the victim's system, complete compromise of user sessions, data exfiltration, and lateral movement within the network.
Likely Case
Session hijacking, credential theft, unauthorized actions performed in the user's context, and potential malware installation.
If Mitigated
Limited impact with proper input validation and output encoding, potentially only affecting individual user sessions without system compromise.
🎯 Exploit Status
Exploitation requires the victim to open a malicious markdown file. Public proof-of-concept exists in exploit databases.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.1 or later
Vendor Advisory: https://github.com/amitmerchant1990/electron-markdownify
Restart Required: Yes
Instructions:
1. Download latest version from GitHub releases.
2. Uninstall current version.
3. Install updated version.
4. Restart application.
🔧 Temporary Workarounds
Disable markdown file processing
All platforms: Prevent Markdownify from opening markdown files by changing file associations
On Windows: assoc .md=txtfile
On Linux/macOS: update mime types to open .md files with text editor
Use content security policy
All platforms: Implement CSP headers to restrict script execution
Add Content-Security-Policy: script-src 'self' to application headers
🧯 If You Can't Patch
- Restrict markdown file sources to trusted locations only
- Implement file upload validation and sanitization for any markdown files
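One way to apply the validation step above is a pre-open triage check that flags markdown containing active HTML before it reaches the renderer. This Node.js script is an added example, not code from Markdownify or from this advisory; the rule set, the function names `scanMarkdown` and `verdict`, and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example (not Markdownify code): line-based triage of markdown files
// for raw HTML constructs that can run script when rendered unsanitized.
const RULES = [
  { id: 'script-tag',    re: /<\s*script\b/i },
  { id: 'embed-tag',     re: /<\s*(iframe|object|embed)\b/i },
  { id: 'event-handler', re: /<[^>]*\son[a-z]+\s*=/i },
  { id: 'js-url',        re: /(\]\(|(href|src)\s*=\s*["']?)\s*javascript:/i },
];

// Returns one finding per rule hit: line number, rule id, and whether the hit
// sits inside a fenced code block (where a renderer normally escapes it).
function scanMarkdown(text) {
  const findings = [];
  let inFence = false;
  text.split(/\r?\n/).forEach((line, i) => {
    if (/^\s*(```|~~~)/.test(line)) { inFence = !inFence; return; }
    for (const { id, re } of RULES) {
      if (re.test(line)) {
        findings.push({ line: i + 1, rule: id, inCodeFence: inFence,
                        excerpt: line.trim().slice(0, 80) });
      }
    }
  });
  return findings;
}

// Hits outside code fences block the file; fence-only hits go to a human.
function verdict(findings) {
  if (findings.some(f => !f.inCodeFence)) return 'quarantine';
  return findings.length ? 'review' : 'clean';
}

// Constructed sample inputs with inert placeholder bodies.
const SAMPLE_SUSPECT = [
  '# Release notes',
  'Some text <script>/* constructed placeholder */</script>',
  '<img src="logo.png" onload="/* constructed placeholder */">',
  '[docs](javascript:void(0))',
].join('\n');
const SAMPLE_DOC = [
  '# XSS notes',
  '```html',
  '<script>/* shown as code */</script>',
  '```',
  'Plain *markdown* with a [link](https://example.com).',
].join('\n');

console.log(verdict(scanMarkdown(SAMPLE_SUSPECT)), scanMarkdown(SAMPLE_SUSPECT));
console.log(verdict(scanMarkdown(SAMPLE_DOC)), scanMarkdown(SAMPLE_DOC));
```

The rules are heuristics and can match harmless text, so treat a hit as a reason to hold the file for review rather than as proof of malice.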
🔍 How to Verify
Check if Vulnerable:
Check if Markdownify version is 1.2.0 via Help > About or version command
Check Version:
On Windows: wmic product where name='Markdownify' get version
On Linux/macOS: markdownify --version
Verify Fix Applied:
Verify version is 1.2.1 or later and test with known malicious markdown files
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads with script tags
- Markdown file processing errors
- Unexpected script execution events
Network Indicators:
- External markdown file downloads to Markdownify instances
- Unexpected outbound connections after file opens
SIEM Query:
source='markdownify_logs' AND ((event='file_open' AND file_extension='md' AND file_size>100KB) OR (event='script_execution' AND context='markdown_processing'))